├── README.md ├── WaterExp.py ├── init ├── ExportEntity.py ├── HeaderVlun.py ├── Inittools.py ├── PrintEntity.py └── cmdline.py ├── urls.txt └── 网站漏洞模板(42个常见漏洞).docx /README.md: -------------------------------------------------------------------------------- 1 | 2 | ![30x30](https://user-images.githubusercontent.com/96420060/179494641-89ede898-38fb-42dd-b0e2-d36d643dd847.jpg) 3 | 4 | 5 | # WaterExp:一款面向安服仔的扫描报告模板 和 碰瓷工具 6 | █ 打工人新时代的摸鱼解决方案,安抚仔挖不到洞的最后一丝欢颜! 7 | 8 | (不产生实际攻击) 9 | (不会getshell) 10 | (面向水报告) 11 | 什么红队蓝队的,要什么shell,老夫日站就是看响应头缺啥一把梭,只要看得过去就能过! 12 | 13 | # 配合《专业水报告漏洞模板.docx》食用更舒服 14 | # 使用方式: 15 | py3 WaterExp.py -u http://www.target.com 16 | py3 WaterExp.py -f urls.txt 17 | 18 | 扫描完毕复制漏洞名称 19 | 打开模板文档 20 | ctrl+a打开微信截图, 21 | 圈上对应响应头 22 | 粘贴上文字 23 | 粘贴到模板文档对应位置 24 | 复制到新文档 25 | 好了,可以出报告了 26 | #渗透模板 27 | ![image](https://user-images.githubusercontent.com/96420060/179387550-4ed2491b-1ccd-4849-8387-2d9e57148f6d.png) 28 | 29 | # 运行截图 30 | 31 | ![image](https://user-images.githubusercontent.com/96420060/189296502-106c8c34-8982-4f6d-a60a-61ddd1f8c7ac.png) 32 | 33 | 扫描结果 34 | ![image](https://user-images.githubusercontent.com/96420060/179387420-0bc4d65c-5d74-4ea4-a476-23b6409c8c48.png) 35 | 36 | # 编程,免杀,工具开发 深入交流小圈子 37 | 绕过您有更多的好检测的洞请告诉我添加进去哦~ 38 | 互相帮助才能打更好的工,摸更漂亮的鱼过期加拉哦 39 | 40 | ![image](https://user-images.githubusercontent.com/96420060/189295166-8e2a46f4-b9b0-4339-9e5d-7389334dca7a.png) 41 | 42 | ![image](https://user-images.githubusercontent.com/96420060/195889411-34b82fd4-8f22-416c-b781-d3b256a00d2b.png) 43 | 44 | 45 | # Star 46 | [![Stargazers over time](https://starchart.cc/linshaoSec/WaterExp.svg)](https://starchart.cc/linshaoSec/WaterExp) 47 | -------------------------------------------------------------------------------- /WaterExp.py: -------------------------------------------------------------------------------- 1 | 2 | 3 | from init.HeaderVlun import HeaderVlun 4 | from init.cmdline import parse_args 5 | from init.PrintEntity import PrintEntity 6 | from init.ExportEntity import ExportEntity 7 | import console 8 | 9 | 10 | allVuln= {} 11 | 12 | def scanSingle(url): 13 | 14 | ExportEntity() 15 | 16 | printEntity.showgreen("=>扫描Headers相关漏洞",printEntity.seatNum) 17 | headers=headerVlun.getHeaders(url) 18 | if not headers:return 19 | for key,value in headers.items(): 20 | printEntity.showUnvipInfo2("\t "+key+" : "+value) 21 | printEntity.printDefault(""+'- '*20) 22 | vulnresult1=headerVlun.getHeadersVuln(headers) 23 | 24 | printEntity.showgreen("=>扫描HTTP请求相关漏洞",printEntity.seatNum) 25 | vulnresult2=headerVlun.getOptionsVlun(url) 26 | 27 | printEntity.showgreen("=>扫描报错信息相关漏洞",printEntity.seatNum) 28 | vulnresult3=headerVlun.getErrorInfoVuln(url) 29 | 30 | allVuln.setdefault(url,vulnresult1+vulnresult2+vulnresult3) 31 | printEntity.printDefault(""+'_'*60) 32 | # printEntity.showgreen("=>页面爬行",printEntity.seatNum) 33 | 34 | 35 | if __name__ == '__main__': 36 | options=parse_args() 37 | print("█ WaterExp: 打工人新时代的摸鱼解决方案,安抚仔挖不到洞的最后一丝欢颜!")#旨在使我们有更多的时间来提升自身能力,而非重复于无意义的操作") 38 | 39 | printEntity=PrintEntity(1)#设置一级显示块 40 | headerVlun=HeaderVlun() 41 | from init.Inittools import Inittools 42 | urls=[] 43 | okurls=[] 44 | errUrls=[] 45 | 46 | if options.url: 47 | print("[+] 开始扫描单个目标 "+options.url) 48 | urls.append(options.url) 49 | okurls,errUrls=Inittools.getokurls(None,urls) 50 | scanSingle(okurls[0]) 51 | if options.urls: 52 | # globals(urls) 53 | # globals(okurls) 54 | # globals(errUrls) 55 | import os 56 | if not(os.path.exists(options.urls)):exit("[!] File ["+options.urls+"] not exist!!") 57 | print("[+] 开始扫描多个目标 "+options.urls) 58 | f=open(options.urls,'r') 59 | urls=f.readlines() 60 | 61 | if len(tuple(set(urls)))!=len(urls): 62 | print("[*] 原%d个,去重后%d个"%(len(urls),len(tuple(set(urls))))) 63 | urls=tuple(set(urls)) #去重 64 | 65 | okurls,errUrls=Inittools.getokurls(None,urls) 66 | # print("\n==>",okurls) 67 | for i in okurls: 68 | i=i.strip() 69 | if not i[0:4] == "http": i = "http://" + i 70 | print("\n"+"█ 开始扫描--> "+i) 71 | scanSingle(i) 72 | print() 73 | # print("█"*80+"\n") 74 | # printEntity.showred("扫描完毕,请求成功/错误/所有:"+str(len(okurls))+"/"+str(len(errUrls))+"/"+str(len(urls)),1) 75 | printEntity.showred("扫描完毕,请求成功/错误/所有:"+str(len(okurls))+"/"+str(len(errUrls))+"/"+str(len(urls)),1) 76 | print() 77 | 78 | for i in allVuln.keys(): 79 | printEntity.showgreen("\tTarget"+"\t"+i,0) 80 | if len(allVuln[i])<=0: 81 | printEntity.showUnvipInfo2("-没有找到漏洞,碰瓷失败",2) 82 | else: 83 | showonce=True 84 | for i in allVuln[i]: 85 | printEntity.seatNum=2 86 | printEntity.showVulnInfo("-"+i,2) 87 | printEntity.showUnvipInfo2("_"*60+"\n",2) 88 | 89 | if len(errUrls)>0: 90 | printEntity.showred("\t请求失败的url: "+str(len(errUrls)),0) 91 | for i in errUrls: 92 | printEntity.showUnvipInfo2("-"+i,2) 93 | printEntity.showUnvipInfo2("_"*60+"\n",2) -------------------------------------------------------------------------------- /init/ExportEntity.py: -------------------------------------------------------------------------------- 1 | class ExportEntity: 2 | def __init__(self): 3 | pass 4 | -------------------------------------------------------------------------------- /init/HeaderVlun.py: -------------------------------------------------------------------------------- 1 | import requests 2 | from init.PrintEntity import PrintEntity 3 | from init.cmdline import parse_args 4 | 5 | headers = {'Connection': 'keep-alive', 6 | 'Cache-Control': 'max-age=0', 7 | 'Upgrade-Insecure-Requests': '1', 8 | 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36', 9 | 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 10 | 'Accept-Encoding': 'gzip, deflate', 11 | 'Accept-Language': 'zh-CN,zh;q=0.9', 12 | } 13 | #屏蔽SSl警告 14 | from requests.packages.urllib3.exceptions import InsecureRequestWarning 15 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 16 | 17 | 18 | 19 | 20 | class HeaderVlun: 21 | printEntity=PrintEntity(2)#设置2级显示块 22 | def __init__(self): 23 | pass 24 | def getHeaders(self,url): 25 | 26 | try: 27 | res = requests.get(url, verify=False, timeout=3, stream=True, headers=headers, ) 28 | self.printEntity.printDefault("[*] GET method Headers Response:"+str(res.status_code)) 29 | return res.headers 30 | except Exception as e: 31 | print(url+"错误"+str(e)) 32 | return None 33 | pass 34 | def getHeadersVuln(self,headers): 35 | '探测响应头缺失以及信息泄露' 36 | result=[] 37 | #响应头缺失类 38 | vulnheaders={ 39 | 'X-Frame-Options':'.*', 40 | 'Content-Security-Policy':'.*', 41 | 'Set-Cookie':'.*', 42 | } 43 | 44 | for vulnheader in vulnheaders.keys(): 45 | if vulnheader in headers: 46 | # print() 47 | self.printEntity.showInfo("[*] "+vulnheader+" : "+headers[vulnheader]) 48 | if vulnheader == 'Set-Cookie': 49 | values=['Httponly','Secure'] 50 | for i in values: 51 | if str.lower(i) not in str.lower(headers[vulnheader]): 52 | # print("[+] Find vuln:"+i+"头缺失") 53 | self.printEntity.showVulnInfo("[+] (响应头缺失类)\tFind vuln: "+i+"头缺失") 54 | 55 | result.append("(响应头缺失类) "+i+"头缺失") 56 | else: 57 | # print() 58 | self.printEntity.showInfo("[*] Cookie "+i+"丢失不存在") 59 | else: 60 | pass 61 | # print("来了",headers[vulnheader],'Set-Cookie',headers[vulnheader] is 'Set-Cookie') 62 | 63 | elif vulnheader!='Set-Cookie': 64 | # print("[+] Find vuln:"+vulnheader+"头缺失") 65 | self.printEntity.showVulnInfo("[+] (响应头缺失类)\tFind vuln: "+vulnheader+"头缺失") 66 | result.append("(响应头缺失类) "+vulnheader+"头缺失") 67 | 68 | #信息泄露类 69 | #key响应头键,值正则表达式 70 | vulnheaders2={'Server':'(microsoft-IIS/[\d\.]+)|Nginx/[\d\.]+|Servlet/[\d\. ]+jsp/[\d\. ]+|Apache/[\d\. ]', 71 | 'X-Powered-By':'(ASP.NET)|(PHP/[\d\. ]+)' 72 | } 73 | for vulnheader2 in vulnheaders2.keys(): 74 | if vulnheader2 in headers: #寻找头是否存在于headers中 75 | import re 76 | isvuln=re.match(vulnheaders2.get(vulnheader2),headers[vulnheader2],re.I) 77 | if isvuln: 78 | # print("[+] Find vuln:"+vulnheader2+":",headers[vulnheader2]) 79 | self.printEntity.showVulnInfo("[+] (信息泄露类)\tFind vuln: "+vulnheader2+" : "+headers[vulnheader2]) 80 | result.append("(信息泄露类)\t"+vulnheader2+" : "+headers[vulnheader2]) 81 | else: 82 | # print("[*] ------------>"+vulnheader2,headers[vulnheader2]) 83 | pass 84 | else: 85 | # print() 86 | self.printEntity.showInfo("[*] "+vulnheader2+"信息泄露不存在") 87 | return result 88 | def getOptionsVlun(self,url): 89 | result=[] 90 | try: 91 | res=requests.options(url, verify=False, timeout=3, stream=True, headers=headers, ) 92 | if 'Allow' in res.headers: 93 | self.printEntity.showUnvipInfo2('[*] 支持方法'+res.headers['Allow']) 94 | # methods=res.headers['Allow'].split(',') 95 | res=requests.request('trace',url, verify=False, timeout=3, stream=True, headers=headers, ) 96 | if res.status_code==200: 97 | self.printEntity.showVulnInfo('[+] TRACE 方法启用') 98 | result.append("(不安全HTTP方法) TRACE 方法启用") 99 | for key,value in res.headers.items(): 100 | self.printEntity.showUnvipInfo2(" "+key+" : "+value) 101 | self.printEntity.showUnvipInfo2(res.text) 102 | print("- "*20) 103 | else: 104 | self.printEntity.showInfo("[*] TRACE 方法无效"+str(res.status_code)) 105 | 106 | 107 | except Exception as e: 108 | # print() 109 | # self.printEntity.showUnvipInfo2(url+"错误"+str(e)) 110 | self.printEntity.showUnvipInfo2(url+"错误"+e.__class__.__name__) 111 | return result 112 | def getErrorInfoVuln(self,url): 113 | result=[] 114 | try: 115 | import re 116 | tmp=re.match("http[s]?://[\w\.\-\d:]+[\d]{0,5}",url) #只取主机端口部分 117 | url=tmp.group() 118 | if url[-1:]=="/": #去掉主机末尾的/ 119 | url=url[0:-1] 120 | url=url+"/esssdad" 121 | res=requests.get(url, verify=False, timeout=3, stream=True, headers=headers, ) 122 | if res.status_code==404 or res.status_code==500 or res.status_code==403: 123 | paths=(re.findall(r"[cdexf]:\\[\w]+\\[\w]+[\\\w\.]+",res.text,re.I)) 124 | paths=tuple(set(paths))#去重 125 | for path in paths: 126 | self.printEntity.showVulnInfo("[+] 绝对路径泄露 "+url+'\t'+path) 127 | # self.printEntity.showVulnInfo("\t"+path) 128 | result.append("(绝对路径泄露) "+url+" "+path) 129 | #Apache版本泄露 130 | paths2=(re.findall("Apache Tomcat/[\d\.]+",res.text,re.I)) 131 | paths2=tuple(set(paths2)) 132 | for path in paths2: 133 | self.printEntity.showVulnInfo("[+] Apache版本泄露 "+url+'\t'+path) 134 | # self.printEntity.showVulnInfo("\t"+path) 135 | result.append("(Apache版本泄露) "+url+" "+path) 136 | #weblogic默认报错页面 137 | paths3=(re.findall("The server understood the",res.text,re.I)) 138 | for path in paths3: 139 | self.printEntity.showVulnInfo("[+] weblogic默认报错页面 "+url+'\t'+path) 140 | # self.printEntity.showVulnInfo("\t"+path) 141 | result.append("(weblogic默认报错页面) "+url+" "+path) 142 | else: 143 | self.printEntity.showInfo("[*] 报错信息无效"+str(res.status_code)) 144 | except Exception as e: 145 | print(url+"错误"+e.__class__.__name__) 146 | 147 | return result 148 | 149 | -------------------------------------------------------------------------------- /init/Inittools.py: -------------------------------------------------------------------------------- 1 | import threading 2 | import time 3 | import requests 4 | import console 5 | import sys 6 | 7 | th=40 8 | my_urlOks=[] 9 | my_urlErrs=[] 10 | headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0', 11 | # 'Connection':'keep-alive', 12 | 'Cookie': 'baidu=79212t0db8t7tkdiiaggr8f2tl', 13 | 'Cache-Control': 'max-age=0', 14 | 'connection': 'close'} 15 | def doscan(url): 16 | if not url[0:4] == "http": url = "http://" + url 17 | url=str.strip(url) 18 | try: 19 | res = requests.get(url, verify=False, timeout=3, stream=True, headers=headers,)#proxies=proxy) 20 | status = res.status_code 21 | if status==400: 22 | print("\033[1;0;90m[*]"+url+"--400,开始使用https协议\033[0m") 23 | if (url[:7] == "http://"): 24 | url = "https://" + url[7:] 25 | res2 = requests.head(url, verify=False, timeout=3, stream=True, headers=headers,)#proxies=proxy) 26 | if(res2.status_code==400): 27 | print("\033[1;0;90m[*]" + url + "--400,http和https都返回400,已移到my_urlErrs[]\033[0m") 28 | # print(url+" ") 29 | my_urlOks.append(url) 30 | elif(res2.status_code==200): 31 | print("\033[1;0;1m%s%d\033[0m"%(url,200)) 32 | my_urlOks.append(url) 33 | else: 34 | print("注意:未知响应码__110行") 35 | elif status==200: 36 | print("\033[1;0;1;92m%s\t%d\033[0m"%(url,200)) 37 | my_urlOks.append(url) 38 | else: 39 | print(url,status) 40 | my_urlOks.append(url) 41 | except Exception as e: 42 | # print(url+" 报错",e.__class__.__name__) 43 | my_urlErrs.append(url+" 错误类型:"+e.__class__.__name__) 44 | class Inittools: 45 | def getokurls(self,urls): 46 | 47 | s=[] 48 | for i in urls: 49 | t1 = threading.Thread(target=doscan, args=[i], kwargs={}) 50 | s.append(t1) 51 | print("添加任务完成,共%d个"%(len(s))) 52 | 53 | #过滤可访问url 54 | while len(s): 55 | if threading.activeCount() < th: 56 | # print("当前存活线程数%d,当前线程最大值%d,剩余任务%d"%(threading.activeCount(),th,len(s))) 57 | s[0].start() 58 | s.remove(s[0]) 59 | else: 60 | time.sleep(1) 61 | # print("休眠") 62 | while threading.activeCount()!=1: 63 | # print(threading.activeCount()) 64 | time.sleep(1) 65 | return my_urlOks,my_urlErrs 66 | pass 67 | # 68 | 69 | # 70 | 71 | # 72 | # 73 | 74 | # print("-----------------------------------------") 75 | # for i in my_urlOks: 76 | # print(i) -------------------------------------------------------------------------------- /init/PrintEntity.py: -------------------------------------------------------------------------------- 1 | class PrintEntity: 2 | seat="\t|" 3 | seatNum=0 4 | def __init__(self,num): 5 | self.seatNum=num 6 | pass 7 | def printDefault(self,info): 8 | print(self.seat*self.seatNum+"%s"%info) 9 | def showVulnInfo(self,info,numb=-1):#鲜红文字 10 | if numb!=-1: 11 | print("\t"*numb+"|\033[1;0;31m%s \033[0m"%info) 12 | else: 13 | print(self.seat*self.seatNum+"\033[1;0;31m%s \033[0m"%info) 14 | def showInfo(self,info):#绿色文字 15 | print(self.seat*self.seatNum+"\033[1;0;32m%s \033[0m"%info) 16 | def showInfo2(self,info):#暗蓝文字 17 | print(self.seat*self.seatNum+"\033[1;0;34m%s \033[0m"%info) 18 | 19 | def showUnvipInfo(self,info):#暗红文字 20 | print(self.seat*self.seatNum+"\033[1;0;35m%s \033[0m"%info) 21 | def showUnvipInfo2(self,info,numb=-1):#灰色文字 22 | if numb!=-1: 23 | print("\t"*numb+"|\033[0;1;30m%s \033[0m"%info) 24 | else: 25 | print(self.seat*self.seatNum+"\033[0;1;30m%s \033[0m"%info) 26 | def showgreen(self,info,seat):#绿色背景文字 27 | print(self.seat*seat+"\033[0;1;42m%s \033[0m"%info) 28 | def showred(self,info,seat,numb=-1):#红色背景文字 29 | 30 | if numb!=-1: 31 | print("\t"*numb+"|\033[0;1;41m%s \033[0m"%info) 32 | else: 33 | print(self.seat*seat+"\033[0;1;41m%s \033[0m"%info) 34 | -------------------------------------------------------------------------------- /init/cmdline.py: -------------------------------------------------------------------------------- 1 | import optparse 2 | import random 3 | 4 | binner2=""" 5 | ██╗ ██╗ █████╗ ████████╗███████╗██████╗ ███████╗██╗ ██╗██████╗ 6 | ██║ ██║██╔══██╗╚══██╔══╝██╔════╝██╔══██╗██╔════╝╚██╗██╔╝██╔══██╗ 7 | ██║ █╗ ██║███████║ ██║ █████╗ ██████╔╝█████╗ ╚███╔╝ ██████╔╝ 8 | ██║███╗██║██╔══██║ ██║ ██╔══╝ ██╔══██╗██╔══╝ ██╔██╗ ██╔═══╝ 9 | ╚███╔███╔╝██║ ██║ ██║ ███████╗██║ ██║███████╗██╔╝ ██╗██║ 10 | ╚══╝╚══╝ ╚═╝ ╚═╝ ╚═╝ ╚══════╝╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝╚═╝ 11 | 12 | Auth0r:linshao [网站漏洞模板(42个常见漏洞).docx]辅助挖洞脚本 13 | 这是什么: 一款面向安服仔的漏洞碰瓷工具 14 | 公众号: LinshaoSec github: https://github.com/linshaoSec 15 | """ 16 | binner=""" 17 | 18 | 0 19 | 000 20 | @@@@@ 21 | @@@@@@@ 22 | @@@@@@@@@ 23 | G@@@@@0@@@@0 24 | 00@0@000 @@@@@8 25 | @@@@@0008 .@@@@@0 26 | 0@@@08888 ...0@@@@@ 27 | 0000@8888 ....L0@@@@ 28 | @@@@@CCC8C .,,,,@@@@@ 29 | ,0@@@@CCCCC ,,,,,@@@@@ 30 | 00@@@0GGGCC ,,:::@@@@@t 31 | 0@@@@0GGGGG ,:::::0@@@@0 32 | 00@@@CLGGGG ::::::@@@@@@ 33 | 000@@LLLLLG ;;;;;;0@@@@0 34 | 0@@@0fLLLLL ;;;;;;;@@@@@ 35 | .@@@@@fffLLL ;;;iiii@@@@0 36 | C@@@@0ffffff iiiiiii0@@@@. 37 | @@@00@@@@@0LLLLLL0000@@0@00@0@@@@0@00LLLLLLL00@@@@@@@0 38 | 0@00G....,,,,:::::;@@@@@0LL1111ttttffffLLLLLGGGGG@0@ 39 | @00GG,,,,,::::::;;;8@@0L11111ttt00fffLLLi,:...000 40 | @0@@0LLL,,,,,,,,,,,,,:0000,,,,f00000L,,::,,,,i00000 41 | 0@@00LLLLL:,,,,,,,,,,,,0000000000LLL8Lf,,:,,,GLL00000 42 | L0@@@@iLLLffff,,,,,,,,,,000000000LLL;,,,,,,::,LLLLf@0000 43 | @00@@0iiiLLLffff,,,0,,@0@@@00000@LL,,,,,,,::::LLLLfff00000G 44 | @@@@@0;;iiiL000ttti,@@@00LLLLL0000LL,,,,,,;;::@0GffffLL000000 45 | @@@@@f;;;;;; L000ttt1,00LLL1,,,,,0008,,,,:;;;;@@0 LLLLLL00000@ 46 | @0@@0::;;;;: 0001111,,LL,,,,,,,00000C,iiiii000 LLLLGG800000 47 | @00@@:::::: 00011ii,,,,,,,,,,00GLLLLiii8@00 LGGGGGL@0000 48 | ,0000@:::::: 000iiii,,,,,,,,,,tL:,111i0000 GGGGGG0000@ 49 | 00000@,,,,: 000i;;;,,,,,,,,,,,,11t1@@@, GGGCCC00000i 50 | @0@@@@,,,,, 000i;;;,,,,,,,,,,ttt10@@ CCCCC00@@@@ 51 | 0@@@@8..., 0000;::,,,,,,,,fttt@@0 CCC880@@@@0 52 | 0@@@@..... t000:::,,,,,,ffft000 888800000@ 53 | 0@@@0 ... GCCCCGGGGGGLLLLLLffLLL:,::,,:LLLfLLLii;;;;;::::::,,,,.. 888t00@0@ 54 | @0@0@ 80088888CCCCCCGGGGGGLLLLLfffLLL,,,::LLLLLLGiii;;;;;;:::::,,,,,...... i@@@@@@ 55 | G@@@@0GGGGGGGLLLLLLLLLLLffffffffffttfLGL,,,:GGLLLf1111111iiiiiiiii;;;;;;;;;;;;:110@@@0 56 | 0@@@@@@0@@00000000000000@@@@@@@@@@00@000@@..GG000000@@@@@@0@000@000000000000@000000000000 57 | 0@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@G:000000000000000000000000000000000000000000000 58 | @00000 59 | :000 Author : Linshao 60 | @ Version: v1.0 61 | 62 | 63 | """ 64 | 65 | usage=""" 66 | python3 %prog -u http://www.target.com 67 | python3 %prog -f urls.txt 68 | """ 69 | parser=optparse.OptionParser(usage, #使用 70 | description="", #描述 71 | version="linshao: %prog v1.0", #版本信息 72 | epilog="-"*60) #演示信息 73 | parser.add_option('-u','--url', dest='url',help='扫描目标网址') #添加参数 74 | parser.add_option('-f','--urls', dest='urls',help='扫描目标网址文件,一行一个') 75 | # parser.add_option('-l','--showLevel', dest='showLevel',help='显示层级,默认1显示全部,[1全部][2.漏洞检测结果][3.确定存在漏洞]',type=str,default="123") 76 | # parser.add_option('-o','--out', dest='out',default='result.txt',help='导出结果,默认./result.txt') 77 | options,args=parser.parse_args() #解析输入 78 | 79 | 80 | 81 | def parse_args(): 82 | if random.randint(1,2)==1: 83 | print(binner) 84 | else: 85 | print(binner2) 86 | if options.url==None and options.urls==None: 87 | parser.print_help() 88 | exit(0) 89 | return options 90 | -------------------------------------------------------------------------------- /urls.txt: -------------------------------------------------------------------------------- 1 | http://www.microdatar.com/ 2 | http://138.201.161.2/ 3 | https://13.56.192.120/ 4 | http://164.100.127.83/ -------------------------------------------------------------------------------- /网站漏洞模板(42个常见漏洞).docx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linshaoSec/WaterExp/66795d6a2621abad22682931905c4d6bb4e3e67d/网站漏洞模板(42个常见漏洞).docx --------------------------------------------------------------------------------